Zoho Books
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a write or delete request is approved incorrectly, the agent could alter important accounting records.
The skill intentionally exposes create, update, and delete operations on financial records. This is disclosed and purpose-aligned, but these are high-impact actions.
Use this skill when users want to read, create, update, or delete invoices, contacts, bills, expenses, or other financial records in Zoho Books.
Only approve specific write/delete actions after checking the target Zoho account, resource ID, and expected business effect.
Anyone or any agent with the Maton API key may be able to access the connected Zoho Books data through Maton.
The skill uses a Maton API key plus a managed Zoho OAuth connection, which grants delegated access to the connected Zoho Books account.
All requests require the Maton API key in the Authorization header... Maton proxies requests to `www.zohoapis.com/books/v3` and automatically injects your OAuth token.
Keep the MATON_API_KEY secret, use the intended Zoho connection, revoke unused connections, and rotate the key if it may have been exposed.
Zoho Books data may pass through Maton as part of normal operation.
Accounting API requests and responses are routed through the Maton gateway before reaching Zoho. This is disclosed and expected for the skill, but it means sensitive financial data transits a third-party service.
Base URL `https://api.maton.ai/zoho-books/books/v3/{endpoint}` ... Maton proxies requests to `www.zohoapis.com/books/v3`
Use this only if you trust Maton to handle the connected Zoho Books data and OAuth relationship.
